DORA Solution

DORA Register of Information

A person with a camera and a white dog sit on a rocky mountainside, overlooking vast mountain peaks at sunrise.

Ensure compliance with DORA with our efficient RoI IT solution. Simplify data collection, validation, and submission to the CSSF with our Managed Service or Licence-Based Access.

Request a demo today
More about our DORA / IT resilience

Context

Under Article 28 (3) of DORA, as part of their ICT risk management framework, financial entities must maintain and update at entity level, and at sub-consolidated and consolidated levels, a register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers.

For the first year, local competent authorities are required to submit the RoI to the European Supervisory Authorities (ESAs) by 30 April 2025, with a reference date of 31 March 2025.

To that end, Luxembourg financial entities are required to submit their register of information to the CSSF between 1 April 2025 and 15 April 2025 via eDesk. Submitted registers will be subject to certain validation checks by the CSSF between 15 and 30 April 2025. If errors are detected, the submitting financial entity will be invited to fix the identified errors and re-submit its register before 30 April 2025. The ESAs will perform additional checks over the course of May 2025, and in the event of additional errors, submitting financial entities will be required to fix the detected errors and re-submit the RoI to the CSSF. ESAs will not provide financial entities with a tool/script to generate their RoI.

Register of Information 

As RoIs must be submitted to the competent authorities annually and their specifications are particularly complex and require significant collection work, we have developed a simple and efficient RoI IT solution to help you prepare and submit them under the prescribed plain CSV format, thus facilitating the input and maintenance process of your contractual and ICT third-party provider information. A specialist team is available to advise on the required content, handle data entry in our RoI IT solution and generate the required CSV files to ensure timely and accurate submission to the competent authorities.

You can use it as either:

  • a Managed Service where we handle the entire process on your behalf, or
  • a Licence-Based Access, where we grant you direct access to our IT Register tool, allowing you to populate and manage the data independently.
Request a demo today

Contact an expert or download our fact sheets

Yann Fihey

Partner ARC

Bénédicte d’Allard

Director

DORA – Smooth sailing within DORA Compliance

pdf6 MB

Download

Arendt by your side for every step of DORA implementation

pdf443 KB

Download

More about our DORA / IT resilience